The bills are also expected to include provisions regulating the use of emerging technologies such as advanced quantum computing, artificial intelligence and the metaverse, among others, sources said.
“The idea is to prevent misuse of Indian citizens’ data. Even if the data is stored in India, it can be misused by sophisticated algorithms. This must be prevented,” said a senior government official.
The DIA will also include provisions governing the way big internet companies process data. This is to ensure that they do not identify a single user from an anonymized data set. “Depending on the size, the type of facilitator and the space in which it operates, there will be rules and regulations to ensure users are not harmed,” officials aware of the matter said.
Also read | Significant work done, draft Digital India Act framework by early 2023, says MoS IT
The draft rule, which is in the final stages of preparation, will be submitted to the Department of Justice for review before being made available for public consultation. The new rules will replace the 22-year-old Information Technology Act of 2000, which to date has governed the country’s technology sector.
Discover the stories of your interest
Social media intermediaries such as Meta, Google and Twitter, which handle large amounts of personal data on a daily basis, may also be asked to disclose the methods they use to process the data they collect in specific cases. However, such requests must be backed by law enforcement through court orders, officials said.
Typically, algorithms define how social media users consume content. For example, internet companies like Twitter and Facebook show users “news feeds” tailored to their location and interests. The proprietary codes can also analyze large amounts of data to create specific profiles based on browsing or shopping history along with other factors such as gender, age, friends and family.
Earlier this year, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar called on member states of the Global Partnership on Artificial Intelligence (GPAI) to work towards a framework to prevent artificial intelligence abuse causing harm to users.
Earlier this year, in one of the first cases of its kind, short-video sharing platform TikTok told an Australian government committee that it would allow government officials to review its algorithm and test its source code. This comes after the Australian government raised concerns about the profiling of its citizens by ByteDance-owned company.
Coming Legislation
India’s DIA aligns with the country’s draft Telecoms Act and Digital Personal Data Protection Bill released earlier this year. The DIA will be in a simple and concise format, and will leave room for executive rulemaking in the future given the changing technology landscape, sources said.
“We will not overload the DIA with too many legal regulations. Instead, it will be a framework with space for execution rules that can be updated over time as needed,” they added.
Differing from previous practices, the Department of Electronics and Information Technology, which is drafting the DIA, is likely to seek an independent legal opinion on some of the contentious issues before sending the draft bill to the Union Department of Justice for comment before release to the public for wider discussion, sources said
The final draft of the DIA could be released for public consultation soon after the end of Parliament’s winter session, they added.
Over the past year, India has seen an onslaught of policies aimed at regulating the digital ecosystem. While the draft Telecoms Act was published earlier this year, the Government also announced changes to the IT Intermediary Rules under the IT Act 2000. Earlier this month, it also released a draft of the revised data law, after repealing the Personal Data Protection Act that was five years in the making.
On November 18 this year, the IT Ministry published a draft DPDP law for public consultation. In the latest draft, the government has proposed that a penalty of up to Rs 200 crore be imposed if an organisation, data trustee or data processor handling users’ personal data “takes appropriate safeguards to prevent a personal data breach”. impede”. .
The draft of the new data law has allowed data to be stored and transferred in “trustworthy” jurisdictions, which are determined by the government from time to time. The revised bill also provides for the imposition of stiff fines if organizations fail to contain data breaches or notify users and the government of such incidents.
